Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Al85ZBhXXE_pUiZw3NrYjFZnHpo.roa
File:                     Al85ZBhXXE_pUiZw3NrYjFZnHpo.roa (raw, json)
Hash identifier:          cXV/a8S6JPpCWaZewLevOmVUdD2mNt9ySJoTsuOaZK4=
Subject key identifier:   02:5F:39:64:18:57:5C:4F:E9:52:26:70:DC:DA:D8:8C:56:67:1E:9A
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018571B640B03CCED4F1638C67A5AA3FB446
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Al85ZBhXXE_pUiZw3NrYjFZnHpo.roa
Signing time:             Mon 02 Jan 2023 09:00:47 +0000
ROA not before:           Mon 02 Jan 2023 09:00:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207046
IP address blocks:        185.247.4.0/22 maxlen: 24
                          194.113.28.0/22 maxlen: 24
                          185.247.5.0/24 maxlen: 24
                          185.247.6.0/23 maxlen: 24
                          185.209.36.0/22 maxlen: 22
                          194.146.220.0/22 maxlen: 22
                          185.224.220.0/22 maxlen: 22
                          185.221.16.0/23 maxlen: 23
                          185.227.206.0/24 maxlen: 24
                          45.134.84.0/22 maxlen: 24
                          185.221.22.0/23 maxlen: 23
                          185.227.207.0/24 maxlen: 24
                          185.249.204.0/22 maxlen: 22
                          185.250.182.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Sun 04 Jun 2023 15:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:b6:40:b0:3c:ce:d4:f1:63:8c:67:a5:aa:3f:b4:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 09:00:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=025f396418575c4fe9522670dcdad88c56671e9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:cc:b7:bc:e3:1c:10:b1:67:df:78:9b:dc:82:
                    6d:33:cf:c9:09:13:b1:35:a7:5a:8d:3a:e5:bf:70:
                    1a:a7:a4:3f:e9:78:0b:d2:ef:c9:6c:cc:f6:06:1b:
                    fd:60:a3:8c:67:f6:b4:a7:1a:c7:01:5d:58:c5:f7:
                    ac:4c:26:fb:fd:4b:1e:eb:8e:6f:1c:2a:ce:ff:9d:
                    d3:32:ea:56:bb:1e:b3:fe:72:27:ba:17:c8:c8:bf:
                    7a:a3:d9:38:c8:70:57:e8:76:9b:22:dc:71:96:a3:
                    dd:c4:2d:3e:96:18:fb:34:20:62:b6:ad:17:bf:69:
                    21:c4:cd:35:54:8d:71:9a:9f:18:cd:d6:61:29:f4:
                    25:ba:b9:9f:53:53:e8:82:ef:a7:33:85:8f:d1:fe:
                    59:83:6c:b3:e6:28:60:9e:9e:b4:24:b0:46:f2:4c:
                    a3:b9:cd:c5:cb:e3:2f:4b:a0:54:d9:35:f7:fc:b7:
                    5b:dd:91:9f:8f:da:41:1d:e3:2d:10:ed:2a:fa:d9:
                    2f:67:44:8a:e7:1f:30:9b:b5:a0:43:c2:fe:d4:1d:
                    27:fb:d3:33:10:d1:04:ab:dc:a9:aa:b4:48:ac:64:
                    e4:11:8e:b3:2b:26:0c:d4:02:d9:98:8a:1a:ec:bc:
                    51:15:5a:39:14:91:d2:59:0a:91:4d:73:d6:bf:8f:
                    64:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:5F:39:64:18:57:5C:4F:E9:52:26:70:DC:DA:D8:8C:56:67:1E:9A
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Al85ZBhXXE_pUiZw3NrYjFZnHpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.84.0/22
                  185.209.36.0/22
                  185.221.16.0/23
                  185.221.22.0/23
                  185.224.220.0/22
                  185.227.206.0/23
                  185.247.4.0/22
                  185.249.204.0/22
                  185.250.182.0/23
                  194.113.28.0/22
                  194.146.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:f7:bd:69:a8:52:15:56:49:48:10:61:2f:33:f6:22:0f:7d:
         f8:1b:71:69:0a:fc:4b:a1:6f:12:bc:cc:c9:a1:51:57:ff:02:
         78:25:3a:61:c1:80:7f:f9:01:ca:ae:7a:a4:c3:7c:d4:67:46:
         e7:ea:f3:6e:bc:91:95:a7:d4:87:6d:26:80:df:1a:04:40:27:
         11:40:4a:3a:29:53:33:a8:28:85:c5:36:54:3a:2a:b3:7c:81:
         92:b2:6e:98:a7:a6:0a:81:4f:5e:5c:37:bb:65:34:78:1b:fc:
         18:a6:ba:61:e1:da:d3:83:b8:2d:c2:90:7d:09:1a:5a:66:df:
         e4:91:59:2c:55:4b:9d:eb:3e:c9:3c:c0:eb:8b:e0:f1:ca:44:
         3a:55:e6:f5:27:aa:63:79:6e:f9:a8:2b:9d:73:88:05:20:b6:
         0a:56:e3:6c:54:67:11:9b:b2:06:b8:e5:8c:4a:5b:92:cb:99:
         4c:a4:0a:dd:38:ab:05:07:ed:05:31:21:09:6c:d4:19:ce:ca:
         3b:76:5d:96:78:a0:d1:16:df:1e:39:a8:a5:31:a3:ec:29:eb:
         d4:43:04:32:0f:12:f3:4c:e4:bc:cd:60:49:bc:76:da:ff:22:
         7e:2d:e7:84:e0:b2:1f:bf:18:59:37:bf:76:96:97:d7:49:1b:
         5c:77:ad:59
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYVxtkCwPM7U8WOMZ6WqP7RGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMwMTAyMDkwMDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjVmMzk2NDE4NTc1YzRmZTk1MjI2NzBkY2RhZDg4YzU2NjcxZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsy3vOMcELFn33ib3IJtM8/JCROx
NadajTrlv3Aap6Q/6XgL0u/JbMz2Bhv9YKOMZ/a0pxrHAV1YxfesTCb7/Use645v
HCrO/53TMupWux6z/nInuhfIyL96o9k4yHBX6HabItxxlqPdxC0+lhj7NCBitq0X
v2khxM01VI1xmp8YzdZhKfQlurmfU1Pogu+nM4WP0f5Zg2yz5ihgnp60JLBG8kyj
uc3Fy+MvS6BU2TX3/Ldb3ZGfj9pBHeMtEO0q+tkvZ0SK5x8wm7WgQ8L+1B0n+9Mz
ENEEq9ypqrRIrGTkEY6zKyYM1ALZmIoa7LxRFVo5FJHSWQqRTXPWv49kqwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFAJfOWQYV1xP6VImcNza2IxWZx6aMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvQWw4NVpCaFhYRV9wVWladzNOcllqRlpuSHBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCLYZUAwQC
udEkAwQBud0QAwQBud0WAwQCueDcAwQBuePOAwQCufcEAwQCufnMAwQBufq2AwQC
wnEcAwQCwpLcMA0GCSqGSIb3DQEBCwUAA4IBAQCK971pqFIVVklIEGEvM/YiD334
G3FpCvxLoW8SvMzJoVFX/wJ4JTphwYB/+QHKrnqkw3zUZ0bn6vNuvJGVp9SHbSaA
3xoEQCcRQEo6KVMzqCiFxTZUOiqzfIGSsm6Yp6YKgU9eXDe7ZTR4G/wYprph4drT
g7gtwpB9CRpaZt/kkVksVUud6z7JPMDri+DxykQ6Veb1J6pjeW75qCudc4gFILYK
VuNsVGcRm7IGuOWMSluSy5lMpArdOKsFB+0FMSEJbNQZzso7dl2WeKDRFt8eOail
MaPsKevUQwQyDxLzTOS8zWBJvHba/yJ+LeeE4LIfvxhZN792lpfXSRtcd61Z
-----END CERTIFICATE-----